

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>Compliance Check &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../../_static/css/custom.css" type="text/css" />

  
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../../" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/jquery.js"></script>
        <script src="../../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script data-url_root="../../../" id="documentation_options" src="../../../_static/documentation_options.js"></script>
        <script src="../../../_static/doctools.js"></script>
        <script src="../../../_static/sphinx_highlight.js"></script>
    
    <script type="text/javascript" src="../../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../../genindex/" />
    <link rel="search" title="Search" href="../../../search/" />
    <link rel="next" title="Storage Devices and OSDs Management Workflows" href="../design/storage_devices_and_osds/" />
    <link rel="prev" title="Host Maintenance" href="../host-maintenance/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../../" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../../../cephadm/">Cephadm</a></li>
          <li class="breadcrumb-item"><a href="../">CEPHADM 开发者文档</a></li>
      <li class="breadcrumb-item active">Compliance Check</li>
      <li class="wy-breadcrumbs-aside">
            <a href="../../../_sources/dev/cephadm/compliance-check.rst.txt" rel="nofollow"> View page source</a>
      </li>
  </ul>
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../../" class="icon icon-home"> Ceph
          

          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../../start/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../install/">安装 Ceph</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../../../cephadm/">Cephadm</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/compatibility/">Compatibility and Stability</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/install/">部署个全新的 Ceph 集群</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/adoption/">现有集群切换到 cephadm</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/host-management/">Host Management</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/services/">Service Management</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/certmgr/">Certificate Management</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/upgrade/">升级 Ceph</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/operations/">Cephadm operations</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/client-setup/">Client Setup</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../../cephadm/troubleshooting/">Troubleshooting</a></li>
<li class="toctree-l2 current"><a class="reference internal" href="../">Cephadm Feature Planning</a><ul class="current">
<li class="toctree-l3"><a class="reference internal" href="../developing-cephadm/">Developing with cephadm</a></li>
<li class="toctree-l3"><a class="reference internal" href="../host-maintenance/">Host Maintenance</a></li>
<li class="toctree-l3 current"><a class="current reference internal" href="#">Compliance Check</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#prerequisites">Prerequisites</a></li>
<li class="toctree-l4"><a class="reference internal" href="#administrator-interaction">Administrator Interaction</a></li>
<li class="toctree-l4"><a class="reference internal" href="#proposed-integration">Proposed Integration</a></li>
<li class="toctree-l4"><a class="reference internal" href="#proposed-checks">Proposed Checks</a></li>
<li class="toctree-l4"><a class="reference internal" href="#notification-strategy">Notification Strategy</a></li>
<li class="toctree-l4"><a class="reference internal" href="#futures">Futures</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../design/storage_devices_and_osds/">存储设备和 OSD 管理</a></li>
<li class="toctree-l3"><a class="reference internal" href="../scalability-notes/">Notes and Thoughts on Cephadm’s scalability</a></li>
</ul>
</li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../radosgw/">Ceph 对象网关</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../monitoring/">监控概览</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../hardware-monitoring/">硬件监控</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <section id="compliance-check">
<h1>Compliance Check<a class="headerlink" href="#compliance-check" title="Permalink to this heading"></a></h1>
<p>The stability and reliability of a Ceph cluster is dependent not just upon the Ceph daemons, but
also the OS and hardware that Ceph is installed on. This document is intended to promote a design
discussion for providing a “compliance” feature within mgr/cephadm, which would be responsible for
identifying common platform-related issues that could impact Ceph stability and operation.</p>
<p>The ultimate goal of these checks is to identify issues early and raise a healthcheck WARN
event, to alert the Administrator to the issue.</p>
<section id="prerequisites">
<h2>Prerequisites<a class="headerlink" href="#prerequisites" title="Permalink to this heading"></a></h2>
<p>In order to effectively analyse the hosts that Ceph is deployed to, this feature requires a cache
of host-related metadata. The metadata is already available from cephadm’s HostFacts class and the
<code class="docutils literal notranslate"><span class="pre">gather-facts</span></code> cephadm command. For the purposes of this document, we will assume that this
data is available within the mgr/cephadm “cache” structure.</p>
<p>Some checks will require that the host status is also populated e.g. ONLINE, OFFLINE, MAINTENANCE</p>
</section>
<section id="administrator-interaction">
<h2>Administrator Interaction<a class="headerlink" href="#administrator-interaction" title="Permalink to this heading"></a></h2>
<p>Not all users will require this feature, and must be able to ‘opt out’. For this reason,
mgr/cephadm must provide controls, such as the following;</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="n">enable</span> <span class="o">|</span> <span class="n">disable</span> <span class="o">|</span> <span class="n">status</span> <span class="p">[</span><span class="o">--</span><span class="nb">format</span> <span class="n">json</span><span class="p">]</span>
<span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="n">ls</span> <span class="p">[</span><span class="o">--</span><span class="nb">format</span> <span class="n">json</span><span class="p">]</span>
<span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="n">enable</span><span class="o">-</span><span class="n">check</span> <span class="o">&lt;</span><span class="n">name</span><span class="o">&gt;</span>
<span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="n">disable</span><span class="o">-</span><span class="n">check</span> <span class="o">&lt;</span><span class="n">name</span><span class="o">&gt;</span>
<span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="nb">set</span><span class="o">-</span><span class="n">check</span><span class="o">-</span><span class="n">interval</span> <span class="o">&lt;</span><span class="nb">int</span><span class="o">&gt;</span>
<span class="n">ceph</span> <span class="n">cephadm</span> <span class="n">compliance</span> <span class="n">get</span><span class="o">-</span><span class="n">check</span><span class="o">-</span><span class="n">interval</span>
</pre></div>
</div>
<p>The status option would show the enabled/disabled state of the feature, along with the
check-interval.</p>
<p>The <code class="docutils literal notranslate"><span class="pre">ls</span></code> subcommand would show all checks in the following format;</p>
<p><code class="docutils literal notranslate"><span class="pre">check-name</span> <span class="pre">status</span> <span class="pre">description</span></code></p>
</section>
<section id="proposed-integration">
<h2>Proposed Integration<a class="headerlink" href="#proposed-integration" title="Permalink to this heading"></a></h2>
<p>The compliance checks are not required to run all the time, but instead should run at discrete
intervals. The interval would be configurable under via the <code class="code docutils literal notranslate"><span class="pre">set-check-interval</span></code>
subcommand (default would be every 12 hours)</p>
<p>mgr/cephadm currently executes an event driven (time based) serve loop to act on deploy/remove and
reconcile activity. In order to execute the compliance checks, the compliance check code would be
called from this main serve loop - when the <code class="code docutils literal notranslate"><span class="pre">set-check-interval</span></code> is met.</p>
</section>
<section id="proposed-checks">
<h2>Proposed Checks<a class="headerlink" href="#proposed-checks" title="Permalink to this heading"></a></h2>
<p>All checks would push any errors to a list, so multiple issues can be escalated to the Admin at
the same time. The list below provides a description of each check, with the text following the
name indicating a shortname version <em>(the shortname is the reference for command Interaction
when enabling or disabling a check)</em></p>
<section id="os-consistency-os">
<h3>OS Consistency (OS)<a class="headerlink" href="#os-consistency-os" title="Permalink to this heading"></a></h3>
<ul class="simple">
<li><p>all hosts must use same vendor</p></li>
<li><p>all hosts must be on the same major release (this check would only be applicable to distributions that
offer a long-term-support strategy (RHEL, CentOS, SLES, Ubuntu etc)</p></li>
</ul>
<p><em>src: gather-facts output</em></p>
</section>
<section id="linux-kernel-security-mode-lsm">
<h3>Linux Kernel Security Mode (LSM)<a class="headerlink" href="#linux-kernel-security-mode-lsm" title="Permalink to this heading"></a></h3>
<ul class="simple">
<li><p>All hosts should have a consistent SELINUX/AppArmor configuration</p></li>
</ul>
<p><em>src: gather-facts output</em></p>
</section>
<section id="services-check-services">
<h3>Services Check (SERVICES)<a class="headerlink" href="#services-check-services" title="Permalink to this heading"></a></h3>
<p>Hosts that are in an ONLINE state should adhere to the following;</p>
<ul class="simple">
<li><p>all daemons (systemd units) should be enabled</p></li>
<li><p>all daemons should be running (not dead)</p></li>
</ul>
<p><em>src: list_daemons output</em></p>
</section>
<section id="support-status-support">
<h3>Support Status (SUPPORT)<a class="headerlink" href="#support-status-support" title="Permalink to this heading"></a></h3>
<p>If support status has been detected, it should be consistent across all hosts. At this point
support status is available only for Red Hat machines.</p>
<p><em>src: gather-facts output</em></p>
</section>
<section id="network-mtu-mtu">
<h3>Network : MTU (MTU)<a class="headerlink" href="#network-mtu-mtu" title="Permalink to this heading"></a></h3>
<p>All network interfaces on the same Ceph network (public/cluster) should have the same MTU</p>
<p><em>src: gather-facts output</em></p>
</section>
<section id="network-linkspeed-linkspeed">
<h3>Network : LinkSpeed (LINKSPEED)<a class="headerlink" href="#network-linkspeed-linkspeed" title="Permalink to this heading"></a></h3>
<p>All network interfaces on the same Ceph network (public/cluster) should have the same Linkspeed</p>
<p><em>src: gather-facts output</em></p>
</section>
<section id="network-consistency-interface">
<h3>Network : Consistency (INTERFACE)<a class="headerlink" href="#network-consistency-interface" title="Permalink to this heading"></a></h3>
<p>All hosts with OSDs should have consistent network configuration - eg. if some hosts do
not separate cluster/public traffic but others do, that is an anomaly that would generate a
compliance check warning.</p>
<p><em>src: gather-facts output</em></p>
</section>
</section>
<section id="notification-strategy">
<h2>Notification Strategy<a class="headerlink" href="#notification-strategy" title="Permalink to this heading"></a></h2>
<p>If any of the checks fail, mgr/cephadm would raise a WARN level alert</p>
</section>
<section id="futures">
<h2>Futures<a class="headerlink" href="#futures" title="Permalink to this heading"></a></h2>
<p>The checks highlighted here serve only as a starting point, and we should expect to expand
on the checks over time.</p>
</section>
</section>



<div id="support-the-ceph-foundation" class="admonition note">
  <p class="first admonition-title">Brought to you by the Ceph Foundation</p>
  <p class="last">The Ceph Documentation is a community resource funded and hosted by the non-profit <a href="https://ceph.io/en/foundation/">Ceph Foundation</a>. If you would like to support this and our other efforts, please consider <a href="https://ceph.io/en/foundation/join/">joining now</a>.</p>
</div>


           </div>
           
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="../host-maintenance/" class="btn btn-neutral float-left" title="Host Maintenance" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="../design/storage_devices_and_osds/" class="btn btn-neutral float-right" title="Storage Devices and OSDs Management Workflows" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).</p>
  </div>

   

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>